Using Components with Known Vulnerabilities

The InsecureShop app contains a vulnerable library that allows any third-party app on the device to steal any file from the app's local storage and send this file to the arbitrary domain.

Hint: Checkout the Hackerone disclosures. One of the publicly disclosed report on Hackerone talks about this vulnerability and how this can be exploited.

Last updated